2014: Good Old Days of Compliance

[Chart: probability of compliance drift over time (Q1 onward), comparing manual audit sampling methods on a six-month audit schedule with a weekly audit schedule. Y-axis: probability that system configurations have deviated from expectations or documentation.]
2020: Matured Cybersecurity Risk Management

- Performing vulnerability management with a context to reduce the "attack surface"
- Quick continuous assessment and fix cycles before images are in production

© Qualys.


Teams Speak Different Languages

Three teams, three vocabularies:
- "Elastic, Kafka, custom web servers"
- "Identify risk and compliance" (FedRAMP, PCI)
- "Secure hosts, config/integrity/vulnerability management"

Security & Compliance assessment should be baked into DevOps
Start Compliant, Stay Compliant

Jenkins pipeline: aws-golden-ami-pipeline (Stage View, run of Nov 01 15:57)

- Stage 1: Launch a CentOS instance with the Source AMI (73ms)
- Stage 2: Launch VM & PC scan on the instance (10min 44s)

Qualys Policy Compliance results for the scanned instance:

CID    Title                                                                                               Technology  Criticality
14602  Status of the 'nosuid' option for '/tmp' partition using 'mount' command                             CentOS 7    4
10804  Status of the SELinux current mode (running configuration)                                          CentOS 7    4
10643  Status of iptables package                                                                          CentOS 7    4
12815  List of runtime audit rules for '/etc/passwd' file, using auditctl                                  CentOS 7    4
10664  Status of the 'OPTIONS' setting within '/etc/sysconfig/chronyd' file                                CentOS 7    4
9473   Existence of the 'extraneous' files and directories (Sensitive files/Directories)                   Tomcat 8    3
9477   Status of 'X-Powered-By' setting within 'server.xml' file                                           Tomcat 8    4
9551   Status of the 'secure' attribute for each 'Connector' elements whose 'SSLEnabled' are set to 'true'  Tomcat 8    4
9605   Status of the command-line flag 'STRICT_SERVLET_COMPLIANCE' set for the Tomcat process              CentOS 7    4
9565   Status of the 'web server processes' which are not started with 'Security Manager'                  CentOS 7    4

Monitor Critical Files From CD Phase

Pipeline stages (Stage View):
- Embed Qualys Cloud Agent (VM, PC)
- FIM: Apply OS Base Profile
- FIM: Create and apply application-specific profile
Discover and Assess Middleware Automatically

Discover unauthorized technologies based on host scans. Example: Apache Tomcat 8.x, with the controls of section 1 (ApacheTomcatControls) evaluated per discovered instance:

- (1.1) 9505 Status of the 'permissions' within '$CATALINA_HOME/webapps' directory
  1. Apache TC 8::/opt/apache-tomcat-8.0.18/apache-tomcat-8.0.18
  4. Apache TC 8::/opt/apache-tomcat-8.5.20/apache-tomcat1
- (1.2) 9602 Status of the 'manager application (webapps/manager)' setting (SERIOUS)
  1. Apache TC 8::/opt/apache-tomcat-8.5.20/apache-tomcat1  Status: PASS
  2. Apache TC 8::/opt/apache-tomcat-8.0.18/apache-tomcat-8.0.18  Status: PASS
  3. Apache TC 8::/opt/apache-tomcat-8.5.20/apache-tomcat  Status: PASS
  4. Apache TC 8::/opt/apache-tomcat-8.5.20  Status: PASS
- (1.3) 9603 Status of the 'manager application (manager_xml)' setting (SERIOUS)
- (1.4) 9606 Status of the command-line flag 'RECYCLE_FACADES' set for the Tomcat process
- (1.5) 9610 Status of the 'connectionTimeout' value within 'Connector' element in 'server_xml' file (SERIOUS)
- (1.6) 9611 Status of the 'maxHttpHeaderSize' value within 'Connector' element in 'server.xml' file (SERIOUS)
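Added example, not Qualys code: the block below evaluates the Tomcat 'server.xml' controls that appear both in the policy-compliance results table earlier (9477 'X-Powered-By', 9551 'secure' on SSL-enabled Connectors) and in the Tomcat section above (9610 'connectionTimeout', 9611 'maxHttpHeaderSize') against a constructed server.xml, reporting one line of evidence per Connector the way the UI reports one line per discovered instance. The expected values (no xpoweredBy, secure="true" wherever SSLEnabled="true", a finite connectionTimeout, maxHttpHeaderSize no larger than Tomcat's 8192-byte default) are assumptions for this example; in the product they come from the policy.

```python
"""Added example (not Qualys code): evaluate Tomcat 'server.xml' controls against a
constructed server.xml.

  9477  'X-Powered-By' must not be sent (Connector attribute xpoweredBy absent or "false")
  9551  every Connector with SSLEnabled="true" must also set secure="true"
  9610  connectionTimeout must be set and finite (Tomcat treats -1 as no timeout)
  9611  maxHttpHeaderSize must not exceed Tomcat's default of 8192 bytes

The expected values are assumptions for this example; in Qualys they come from the policy."""
import xml.etree.ElementTree as ET

# Constructed server.xml that fails three of the four controls.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               xpoweredBy="true" maxHttpHeaderSize="65536"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="false" connectionTimeout="60000"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""

# The same file after remediation (constructed).
HARDENED_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
               maxHttpHeaderSize="8192"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" connectionTimeout="60000"/>
  </Service>
</Server>
"""

MAX_HEADER_SIZE = 8192  # Tomcat default, used here as an assumed policy ceiling


def _is_true(value):
    return (value or "").strip().lower() == "true"


def _connectors(server_xml):
    """Yield (label, element) for every Connector; the label is the evidence shown per finding."""
    root = ET.fromstring(server_xml)
    return [(f"{c.get('port')}/{c.get('protocol')}", c) for c in root.iter("Connector")]


def evaluate_server_xml(server_xml):
    """Return {cid: {"status": "PASS"|"FAIL", "failing": [connector labels]}}."""
    failing = {9477: [], 9551: [], 9610: [], 9611: []}
    for label, conn in _connectors(server_xml):
        if _is_true(conn.get("xpoweredBy")):
            failing[9477].append(label)          # header leaks the Tomcat version
        if _is_true(conn.get("SSLEnabled")) and not _is_true(conn.get("secure")):
            failing[9551].append(label)          # TLS connector not marked secure
        timeout = conn.get("connectionTimeout")
        if timeout is None or not timeout.lstrip("-").isdigit() or int(timeout) <= 0:
            failing[9610].append(label)          # missing or unbounded (-1) timeout
        header = conn.get("maxHttpHeaderSize")
        if header is not None and (not header.isdigit() or int(header) > MAX_HEADER_SIZE):
            failing[9611].append(label)          # oversized header buffer per connection
    return {cid: {"status": "FAIL" if bad else "PASS", "failing": bad}
            for cid, bad in failing.items()}


if __name__ == "__main__":
    for name, xml in (("sample", SAMPLE_SERVER_XML), ("hardened", HARDENED_SERVER_XML)):
        for cid, result in evaluate_server_xml(xml).items():
            print(name, cid, result["status"], result["failing"])
```

A maxHttpHeaderSize attribute that is absent is reported as PASS because Tomcat then applies its 8192-byte default; an explicit value larger than that ceiling, or an unparsable one, fails the control.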


Security Control Validation (SCV)

Top five responsibilities of CISOs (https://www.bitsight.com/blog/ciso-roles-and-responsibilities), with the controls that validate them:

- Anti-Virus/Malware
- Prerequisites
- Configurations
- Native security features

Validated via: Anti-virus | FIM Agents | Splunk | Kafka | Native Malware Protection | Jenkins

[Screenshot: Policy Compliance > Reports, 23 controls with posture (PASS/FAIL) and criticality (CRITICAL, SERIOUS, URGENT), for example:]
- 9043 Status of the 'Default Protections for Internet Explorer' setting, Windows Server 2012 R2
- 9057 Status of the 'System ASLR' setting, Windows Server 2012 R2
- 4156 Status of the 'Notify antivirus programs when opening attachments' Group Policy setting, Windows Server 2012 R2
- 8881 Status of the security patches and software updates, Mac OS X 10.x
- 8844 Status of the 'Automatically check for updates' setting, Mac OS X 10.x
- Status of the Gatekeeper feature, Mac OS X 10.x
Create New: Remediation (Step 4/5: Schedule)

Steps: Basic Information, Select Assets, Schedule, Review and Confirm

- Schedule the remediation job to run on demand or in the future
- Remediation Window: None / Set Duration. You can configure a remediation window to run to
  Note: Not setting the patch window will allow the cloud agent to take as much time as it needs to complete the job.

New Policy

Compliance UI


Security for Inaccessible & Exotic Hosts

Qualys Out-of-Band Config Assessment (OCA): use APIs/UI and push data to Qualys
- Create custom assets
- Push command output, vulnerability and config data
- Validate settings and data
- Report vulnerabilities, security and misconfigurations

Detailed results example: 154.36.214.3 (hp-in01-prn02), HP FutureSmart 4.x
- (1.1) 1116 Status of the 'File Transfer Protocol (FTP)' service
- (1.3) 10270 Status of the SNMP community strings (SERIOUS)
- (1.4) 12413 Status of the 'AppleTalk' protocol
- (1.5) 13857 Status of version of firmware stored in boot PROM
- (1.6) 14039 Status of SNMP configuration of version SNMPv1


New-Age File Integrity Monitoring

- Built on the same Qualys Cloud Agent you use for VM, PC, Inventory (Agent Modules)
- Real-time detection for high volume, high scale
- Automated incident management and alerting
- Out of the box PCI monitoring profiles for OS and applications
- No infrastructure or data load for you to manage
Authorized vs Unauthorized Changes

File Integrity Monitoring > Incidents > All Incidents, filtered by correlation rule ruleId:8fc42fcc-4028-45e8-88da-672254ed1493: 101 incidents in total (100 closed, 1 open, 1 assigned to me / pending).

CREATED                  NAME                          TYPE       STATUS  ASSIGNEE  DISPOSITION  CHANGE TYPE  APPROVAL
21 hours ago 10:30:00 AM Unauthorized Windows Patc...  AUTOMATED  OPEN    quays_qd  -            -            -
2 days ago 10:30:00 AM   Unauthorized Windows Patc...  AUTOMATED  CLOSED  quays_qd  PATCHING     AUTOMATED    POLICY_VIOLA...
3 days ago 10:30:00 AM   Unauthorized Windows Patc...  AUTOMATED  CLOSED  quays_qd  PATCHING     AUTOMATED    POLICY_VIOLA...
4 days ago 10:30:00 AM   Unauthorized Windows Patc...  AUTOMATED  CLOSED  quays_qd  PATCHING     AUTOMATED    POLICY_VIOLA...
5 days ago 10:30:00 AM   Unauthorized Windows Patc...  AUTOMATED  CLOSED  quays_qd  PATCHING     AUTOMATED    POLICY_VIOLA...
6 days ago 10:30:00 AM   Unauthorized Windows Patc...  AUTOMATED  CLOSED  quays_qd  PATCHING     AUTOMATED    POLICY_VIOLA...
7 days ago 10:30:00 AM   Unauthorized Windows Patc...  AUTOMATED  CLOSED  quays_qd  PATCHING     AUTOMATED    POLICY_VIOLA...
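Added example, not Qualys code: a minimal correlation rule that sorts FIM change events into authorized and unauthorized changes and produces rows shaped like the incident list above (disposition, change type, approval). The rule itself is an assumption made for the example, not Qualys's rule logic: a change under a monitored Windows path by the OS patching process (TrustedInstaller.exe as NT AUTHORITY\SYSTEM) inside an approved 02:00-04:00 patch window is authorized with disposition PATCHING; the same change outside the window becomes an "Unauthorized Windows Patch" incident with approval POLICY_VIOLATION; any other change to a monitored path is held for review. The events, paths and window are constructed sample data; the process and user names are the ones shown in the deck's FIM dashboard.

```python
"""Added example (not Qualys code): a minimal FIM correlation rule that sorts change events
into authorized and unauthorized changes, producing rows like the incident list above.
The rule is an assumption made for this example, not Qualys's own rule logic."""
from dataclasses import dataclass
from datetime import datetime, time


@dataclass
class ChangeEvent:
    when: datetime
    path: str
    action: str      # Create / Delete / Rename / Attributes / Content
    process: str
    user: str


PATCH_WINDOW = (time(2, 0), time(4, 0))          # assumed approved patch window
PATCH_PROCESSES = {"trustedinstaller.exe"}      # OS patching process (assumption)
PATCH_USERS = {r"NT AUTHORITY\SYSTEM"}
MONITORED_PREFIXES = (r"C:\Windows\System32", r"C:\Windows\WinSxS")  # assumed FIM profile


def in_patch_window(when):
    start, end = PATCH_WINDOW
    return start <= when.time() < end


def is_monitored(path):
    p = path.lower()
    return any(p.startswith(prefix.lower()) for prefix in MONITORED_PREFIXES)


def correlate(event):
    """Classify one event; returns None when the path is outside the FIM profile."""
    if not is_monitored(event.path):
        return None
    patch_process = (event.process.lower() in PATCH_PROCESSES
                     and event.user in PATCH_USERS)
    if patch_process and in_patch_window(event.when):
        return {"status": "AUTHORIZED", "disposition": "PATCHING",
                "change_type": "AUTOMATED", "approval": "APPROVED"}
    if patch_process:
        # Right process, wrong time: the change itself is patching, but it violates policy.
        return {"status": "UNAUTHORIZED", "name": "Unauthorized Windows Patch",
                "disposition": "PATCHING", "change_type": "AUTOMATED",
                "approval": "POLICY_VIOLATION"}
    return {"status": "UNAUTHORIZED", "name": "Unexpected change",
            "disposition": None, "change_type": None, "approval": "PENDING_REVIEW"}


def summarize(events):
    """Counts for the 'Total Events / Authorized / Unauthorized' widget."""
    counts = {"total": 0, "authorized": 0, "unauthorized": 0}
    for ev in events:
        verdict = correlate(ev)
        if verdict is None:
            continue
        counts["total"] += 1
        counts[verdict["status"].lower()] += 1
    return counts


# Constructed events: two in-window patch changes, one patch outside the window,
# one change by another service, one outside the monitored paths.
SAMPLE_EVENTS = [
    ChangeEvent(datetime(2019, 11, 1, 3, 5), r"C:\Windows\System32\ntdll.dll",
                "Content", "TrustedInstaller.exe", r"NT AUTHORITY\SYSTEM"),
    ChangeEvent(datetime(2019, 11, 1, 3, 6), r"C:\Windows\WinSxS\Manifests\x.manifest",
                "Create", "TrustedInstaller.exe", r"NT AUTHORITY\SYSTEM"),
    ChangeEvent(datetime(2019, 11, 1, 10, 30), r"C:\Windows\System32\drivers\http.sys",
                "Content", "TrustedInstaller.exe", r"NT AUTHORITY\SYSTEM"),
    ChangeEvent(datetime(2019, 11, 1, 10, 31), r"C:\Windows\System32\svchost.exe",
                "Attributes", "AvastSvc.exe", r"NT AUTHORITY\SYSTEM"),
    ChangeEvent(datetime(2019, 11, 1, 10, 32), r"C:\Users\admin\notes.txt",
                "Create", "notepad.exe", "Administrator"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.when.strftime("%H:%M"), ev.path, "->", correlate(ev))
    print(summarize(SAMPLE_EVENTS))
```

The distinction the rule draws is the one the incident list shows: disposition describes what the change was (PATCHING), while approval records whether it was allowed (POLICY_VIOLATION for a patch applied outside the window), so an analyst can close the routine rows quickly and spend time on the unexpected ones.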


Open APIs for Integration

FIM Dashboard (time range: all time; default 30 days) widgets:
- Total changes; events by severity (Severity 1 to Severity 5)
- File changes by change action; directory changes by change action (Attributes, Create, Delete, Rename, Security)
- Top changes by user (NT AUTHORITY\SYSTEM, Administrator, ...) and top changes by process (TrustedInstaller.exe, AvastSvc.exe, QualysAgent.exe)
- Changes by OS platform, by type (File/Directory), by category, by profile (e.g. HIPAA)
Context of Changes in Cloud

Asset Details: i-076e2369b896dfe3e > File Integrity Monitoring > Cloud Agent FIM Events (ECS)

Unauthorized events on S3 bucket from instance (instance ID): Total events 5.0K (authorized 4584, unauthorized 498)

TIME         OBJECT                     ACTION           IDENTITY
an hour ago  bucketauditreports/        PutBucketPolicy  InstanceProfile/i-07f6... (assumed-role, us-west-1)
an hour ago  bucketauditreports/t...    GetObject        InstanceProfile/i-07f6...
an hour ago  bucketauditreports/ec2...  DeleteObject
an hour ago  bucketauditreports/RDS...  DeleteObject     InstanceProfile/i-07f6...
             bucketauditreports/tom...  DeleteObject     InstanceProfile/i-07f6...
Assess Vendor Security

- Manage vendor risk per vendor criticality
- Unify vendor security and process compliance with technical security

Qualys Security Assessment Questionnaire (SAQ) dashboard (last 30 days):
- Due in 2 weeks: 20 campaigns; high risk vendors: 6; active vendor campaigns: 21
- My active campaigns: Employee Half Yearly (Nov 2, 2018 to Nov 20, 2018); Finance Vendors Quarterly Check, 64% (Oct 29, 2018 to Nov 23, 2018); APAC Office Vendors, 47% (Nov 12, 2018 to Nov 30, 2018); Contractors Quarterly Check, 24% (Aug 20, 2018 to Oct 30, 2018); IT Assets Management, 18% (Oct 12, 2018 to Dec 20, 2018)
- Vendor campaign status: total 53 (active 21, inactive 8, complete 18, canceled 6)
- Overall campaign aging: total 28, overdue 13
- Top 5 vendors by risk: Zurich Softwares (Medium), Global Infotech (Very High)

SaaS Applications Challenges

Press headlines on SaaS adoption: "HR gets the cloud treatment"; "Public cloud spending skyrockets as SaaS shines" (The Australian); "Workday Rises on Demand for Cloud-Based Business Software"; "IDC: Cloud spending to grow 21% by 2021"; "Spending On CRM Apps Predicted To Soar In 2018"; "Microsoft, Google Make Cloud Offerings More Enticing" (eWEEK). Vendor logos: Namely, Office 365, Box, Salesforce.
SaaS Security and Compliance

Office 365, Google Suite, Salesforce, GitHub, Okta, Slack

- Inventory
- Access
- Exposure
- Security configurations

[Screenshot: CloudView dashboard with total documents (14432), applications at risk (20), document types, exposure (private / domain / external), external users with most access, internal users with most exposure]


Sensitive Data Discovery and Security

- Discovery
- Access Visibility
- Activity Monitoring
- Context for security

[Screenshot: Asset Details for docuvault01.prod > Data Access Governance: sensitive files (EmployeeRecords.mdb, VulnerabilityReport_Q42019.csv, Employee_PAN_details_Dec..., intraappTrans.logs) with file criticality and last discovered on; data labels by occurrence (PII, PCI, ...); access control checks (PC) passed/failed; files accessed in last 48 hrs]

Cloud Applications / Qualys Cloud Platform / On Premises Unstructured Data (Desktop):
- Unstructured Data Discovery: Directory / Metadata / Access / Classification
- Visibility in ITAM: know which assets hold sensitive data
- Secure through PC: create permission/share/access controls to check their access
- Monitor through FIM
- Compliance: GDPR / CCA / HIPAA / etc
Quick Demo

Compliance Team and Shailesh Athalye
sathalye@qualys.com